I have an IdentityServer3 instance set up and I am requesting a token using the authorize endpoint (/core/connect/authorize).
My application requesting the token is an iOS application.
I pass the following parameters:
client_id=<clientid>
response_type=id_token
scope=openid
redirect_uri=<redirecturi>
state=<state>
nonce=<nonce>
This then opens up a web view for me, I enter my credentials and it returns the redirect_uri with the #id_token appended to the URL.
To validate the token I pass it to the access token validation endpoint (/core/connect/accesstokenvalidation) of my IdentityServer. I append ?token=<access token received from login>.
I then get the response:
{ "Message": "invalid_token" }
When I check the log:
System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audience: '<clientid>'. Did not match: validationParamters.ValidAudience: '<identity_server_host>/resources' or validationParameters.ValidAudiences: 'null'
What am I doing wrong here? Surely the IdentityServer that created the token should validate it as valid?
You don't request an access token in your example. With response_type=id_token you only get the identity token, which you can validate against the identity token endpoint. To get the access token with your request you must change your request to
response_type=id_token token
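The audience mismatch in the log can be diagnosed on the client before calling any validation endpoint. The following is an added example, not part of the original question or answer: it reads the tokens from the redirect fragment and routes each one by its aud claim. The client id, audience value, redirect URI and tokens are constructed placeholders, the identitytokenvalidation path is IdentityServer3's identity token validation endpoint, and tokens are assumed to be JWTs (not reference tokens).

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Paths on the IdentityServer3 host; the page uses the /core prefix.
ID_TOKEN_EP = "/core/connect/identitytokenvalidation"   # also needs client_id=
ACCESS_TOKEN_EP = "/core/connect/accesstokenvalidation"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def route_tokens(redirect_url: str, client_id: str, resource_aud: str) -> dict:
    """Map each token in the redirect fragment to the endpoint that accepts it."""
    fragment = parse_qs(urlsplit(redirect_url).fragment)
    routes = {}
    for name in ("id_token", "access_token"):
        if name not in fragment:
            continue
        aud = jwt_claims(fragment[name][0]).get("aud")
        auds = aud if isinstance(aud, list) else [aud]
        if client_id in auds:
            routes[name] = ID_TOKEN_EP
        elif resource_aud in auds:
            routes[name] = ACCESS_TOKEN_EP
        else:
            routes[name] = "unexpected audience"
    return routes

def sample_jwt(claims: dict) -> str:
    """Constructed sample token with a dummy signature part."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, b64url(json.dumps(claims).encode()), "sig"])

CLIENT = "ios-app"                                # placeholder client_id
RESOURCES = "https://idsrv.example/resources"     # placeholder audience
ID_TOK = sample_jwt({"aud": CLIENT, "nonce": "n1"})
ACC_TOK = sample_jwt({"aud": RESOURCES, "scope": ["openid"]})
# Fragment returned for response_type=id_token
ONLY_ID = route_tokens(f"app://cb#id_token={ID_TOK}&state=s1", CLIENT, RESOURCES)
# Fragment returned for response_type=id_token token
BOTH = route_tokens(
    f"app://cb#id_token={ID_TOK}&access_token={ACC_TOK}&state=s1", CLIENT, RESOURCES)

if __name__ == "__main__":
    print(ONLY_ID, BOTH, sep="\n")
```

The decoded claims are only a routing hint; the signature, issuer, audience and nonce still have to be checked by the validation endpoint or a JWT library before the token is trusted.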